From: "Timothy R. Chavez"
Subject: Re: [RFC][PATCH 2/2] file system auditing
Date: Tue, 5 Apr 2005 17:45:17 -0500
Message-ID: <200504051745.17713.tinytim@us.ibm.com>
To: linux-fsdevel@vger.kernel.org
Cc: David Woodhouse, linux-audit@redhat.com

On Tuesday 05 April 2005 05:37 pm, you wrote:
> On Tue, 2005-04-05 at 17:20 -0500, Timothy R. Chavez wrote:
> > --- linux-2.6.12-rc2-mm1/security/selinux/nlmsgtab.c 2005-03-02 > > 01:38:19.000000000 -0600 +++ > > linux-2.6.12-rc2-mm1~audit/security/selinux/nlmsgtab.c 2005-04-05 > > 13:16:26.000000000 -0500
@@ -98,6 +98,8 @@ static struct nlmsg_perm > > nlmsg_audit_per > > { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, > > { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, > > { AUDIT_LOGIN, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, > > + { AUDIT_WATCH_INS, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, > > + { AUDIT_WATCH_REM, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, > > }; > >
> Do you not need to add AUDIT_WATCH_LIST to this?

Oh yes, that's right. I'm not sure it's pertinent ATM. The feature isn't supported in the downloadable version of the user space tools yet. But regardless, it should be added. Thanks David.

-tim
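Review bot: AUDIT_WATCH_LIST has no entry in the nlmsg_perm table; the hunk adds only AUDIT_WATCH_INS and AUDIT_WATCH_REM after the AUDIT_LOGIN line, which is the gap raised in the quoted question and agreed to in the reply. Add the entry in this same hunk so all three watch message types get a mapping together. Since a list request reads state rather than changing it, consider whether it should map to a read permission rather than NETLINK_AUDIT_SOCKET__NLMSG_WRITE, and say which in the changelog.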